Zoom Mail Service Encryption and Limitations

This article is designed to help you evaluate whether the Zoom Mail Service is a good fit for your organization. This service is designed for small and mid-sized businesses. 

Zoom Mail Service is a Zoom-hosted email provider with optional end-to-end encryption for emails sent directly between active users on the Zoom Mail Service system. End-to-end encryption for those emails depends on factors such as user or account level settings, whether the sender and receiver have already generated encryption keys, and whether the sender and receiver are running the latest client version. The user interface will indicate when the email a user is about to send will be end-to-end encrypted.

Zoom Mail Service is designed to prioritize privacy between mail senders and recipients. This means information contained within end-to-end encrypted messages is private, and this information is not accessible to Zoom.

As such, some third-party security tools that businesses are accustomed to using on other email platforms are not compatible with Zoom Mail Service.

This article covers:

Prerequisites for Zoom Mail Service encryption

Limitations for Zoom Mail Service encryption

User limitations

Admin limitations

How encryption is used with Zoom Mail Service

The footer of every email handled by the Zoom Mail Service denotes which type of encryption was used when sending or receiving the email: E2E Encrypted or Server Encrypted.

Note: Integrations with third-party email services through the Zoom Mail Client are separate offerings, and messages sent between users of these integrations are not end-to-end encrypted.

E2E Encrypted

Zoom Mail Service includes the option for emails sent and received directly between active Zoom Mail Service users to be end-to-end encrypted, depending on a variety of factors. The user interface indicates when the email a user is about to send will be end-to-end encrypted. When an email is end-to-end encrypted, only the users, and, depending on their settings, account owners, or designated account administrators control the encryption key and therefore access to the email content, including body text, subject line, attachments and custom labels applied to messages by users in their inboxes. Information such as the sender and recipients, mimeID, attachment number and size, and timestamps remain in plaintext so Zoom email servers can properly transmit the emails.

To use end-to-end encryption in Zoom Mail Service, users and their recipient(s) must all use email addresses assigned through Zoom Mail Service and be active users with a device associated with each email address. At this time, emails sent to an email list are not end-to-end encrypted, even if all recipients are Zoom Mail Service users. 

Recipients of emails sent through Zoom Mail Service can see, save, and share email content with others, including by sharing emails to Zoom Team Chat. If a recipient shares encrypted content with others, for example, by sharing an encrypted email to Team Chat or forwarding an encrypted email to a third-party recipient without a Zoom Mail Service account, the shared or forwarded content will not be end-to-end encrypted by Zoom. Additionally, designated admins in an account that has opted to use the key escrow feature will have access to all emails in that account, even though those emails will remain encrypted and inaccessible to anyone without the required keys, including Zoom. When the email a user is about to send will be end-to-end encrypted, the user interface will indicate this.

Server Encrypted

Emails between Zoom Mail Service users and those using other email services are encrypted when stored by Zoom. Zoom Mail Service encrypts incoming emails from third-party email services as soon as possible upon receipt and does not retain unencrypted copies of outgoing emails to such services after they are successfully sent.

How to use custom domains on the Zoom Mail Service

All customers will default to the Zoom-provided “zmail.com“ domain, but the use of other domains is possible.

Account owners and admins can view and manage the mail domains they own from the Zoom web portal. They can add or edit a domain, view all their domains in a list, and view details for a specific domain. Additionally, account owners and admins can select a domain they want to enable for the Zoom Mail and Calendar service.

Accounts managing one or more associated domains can use those domains to create corresponding email domains for use with the Zoom Mail Service. Admins can control mailing group creation, mailbox size quotas, calendar access control, and mail auto-deletion and retention.

Learn more about configuring domain management for Zoom Mail.

How to enable or disable end-to-end encryption (E2EE)

Account admin owners or admins can choose whether end-to-end encryption (E2EE) is enabled or disabled for their Zoom Mail domain when they add a domain. If the account admin disables E2EE, escrow and encryption are turned off for all users in their account. When a user enables a domain for Zoom Mail, they can turn E2EE on or off the first time.

When E2EE is disabled in Zoom Mail:

Learn more about domain management settings and managing devices with encryption access and backup encryption keys.